1 Million Impacted in Blackbaud Data Breach

by | Sep 4, 2020

Another four healthcare suppliers have broadcast HIPAA breach alerts  in relation to the Blackbaud ransomware attack and data breach.

Just after the Northwestern Memorial HealthCare group revealed that the personal information of 55,983 clients had been impacted, an additional three breaches of 179,189, 52,500 and 22,718 at MultiCare Health System, Spectrum Health Lakeland Foundation and Richard J. Caron Foundation. respectively have been revealed on the OCR’s breach portal.

This comes after previous breaches at Northern Light Health Foundation, Catholic Health, the University of Detroit Mercy, and Children’s Hospital of Pittsburgh Foundation were revealed to be related to the Blackbaud data breach.

The overall amount of individuals impacted  total is rapidly approaching 1 million but it is not yet known if all breached organizations have been identified.

The ransomware attack on Blackbaud was initiated around May 14, 2020 after access to their databases being gained early in the year. Blackbaud’s cloud services provides services to healthcare groups globally. Luckily the group’s public cloud service remained secured . The company maintains records for more than 25,000 non-profit organizations.

Blackbaud moved to restrict the damage that was carried out. Despite this the hackers were able to steal a portion of data from Blackbaud’s self-hosted environment, including the platform used by many healthcare groups for engagement and fundraising. This data included the names of donors, people who had been present at fundraising functions previously.

Along with names, data including addresses, dates of birth, telephone numbers, and email addresses were impacted, and in some instances, donation details, donations and other donor profile information. For most impacted groups, highly sensitive information including bank account data, credit card details and Social Security numbers were not impacted.

Blackbaud published a release in relation to the breach, stating that the ransom demand was paid to unlock the data and mitigate any malicious use of the data stolen in the hack. It said: “Based on the nature of the incident, our research, and third party (including law enforcement) investigation, we have no reason to believe that any data went beyond the cybercriminal, was or will be misused, or will be disseminated or otherwise made available publicly… We apologize that this happened and will continue to do our very best to supply help and support as we and our customers jointly navigate this cybercrime incident.”

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.


Please enable JavaScript in your browser to complete this form.

Patrick Kennedy

Patrick Kennedy is a highly accomplished journalist and editor with nearly two decades of experience in the field. With expertise in writing and editing content, Patrick has made significant contributions to various publications and organizations. Over the course of his career, Patrick has successfully managed teams of writers, overseeing the production of high-quality content and ensuring its adherence to professional standards. His exceptional leadership skills, combined with his deep understanding of journalistic principles, have allowed him to create cohesive and engaging narratives that resonate with readers. A notable area of specialization for Patrick lies in compliance, particularly in relation to HIPAA (Health Insurance Portability and Accountability Act). He has authored numerous articles delving into the complexities of compliance and its implications for various industries. Patrick's comprehensive understanding of HIPAA regulations has positioned him as a go-to expert, sought after for his insights and expertise in this field. Patrick's bachelors degree is from the University of Limerick and his master's degree in journalism is from Dublin City University. You can contact Patrick through his LinkedIn profile:

Raise the level of HIPAA Awareness in your organization with Learner-Friendly, Comprehensive and Affordable HIPAA Training.

Comprehensive HIPAA Training

Used in 1000+ Healthcare Organizations and 100+ Universities

    Full Course - Immediate Access

    Privacy Policy